Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/u-vuXCtWAO9KIBWrNJgF4X-VeiQ.roa
File:                     u-vuXCtWAO9KIBWrNJgF4X-VeiQ.roa (raw, json)
Hash identifier:          22TWf3RiPlHsAmadGR6JAjj6VmnQF/3QtA8ZoGYwMCo=
Subject key identifier:   BB:EB:EE:5C:2B:56:00:EF:4A:20:15:AB:34:98:05:E1:7F:95:7A:24
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CF20E2011F0ACF8AD6508C40F2F5B90D0
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/u-vuXCtWAO9KIBWrNJgF4X-VeiQ.roa
Signing time:             Wed 10 Jan 2024 06:27:41 +0000
ROA not before:           Wed 10 Jan 2024 06:27:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136258
IP address blocks:        94.156.250.0/24 maxlen: 24
                          185.226.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f2:0e:20:11:f0:ac:f8:ad:65:08:c4:0f:2f:5b:90:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan 10 06:27:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bbebee5c2b5600ef4a2015ab349805e17f957a24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:29:8e:24:3a:ec:18:b6:32:ce:cb:04:fb:1b:
                    3d:c6:0b:07:7d:ac:ef:86:95:6e:be:d6:89:00:4b:
                    c8:2c:89:bc:cb:a4:18:97:ec:a9:9d:45:3a:39:ea:
                    15:9d:ca:1f:e6:e8:15:b8:a8:f0:8f:6d:72:68:e1:
                    ec:67:23:1e:33:21:bd:01:0c:fb:e7:f4:70:a9:2b:
                    a0:35:c7:ca:a2:14:ff:75:e7:20:74:10:aa:0d:d1:
                    e6:f6:8b:a7:b8:20:9e:23:5c:19:2c:45:a1:98:b9:
                    19:5c:98:b1:d4:26:28:11:3d:89:06:ca:97:b7:74:
                    ff:b0:36:3b:2a:44:b7:9d:a5:d7:dd:35:0b:dd:21:
                    14:a4:62:ba:16:66:8a:a9:9f:5a:e3:df:60:95:d1:
                    a1:64:66:91:33:f5:4d:14:09:c0:db:8a:ca:44:03:
                    18:65:a9:01:f0:b0:fc:da:4e:d3:b3:a1:30:6f:42:
                    20:cf:7e:47:42:ad:e8:a8:21:6e:6b:90:d2:73:dc:
                    c8:d0:a4:e9:27:c7:94:95:13:a1:40:bb:6e:f4:1d:
                    d5:ed:22:8c:c6:b8:35:d4:a4:10:32:cd:88:5e:d8:
                    53:f3:47:3b:22:73:b9:5c:c2:5a:24:c1:66:d1:e9:
                    17:02:6e:5c:b5:f3:e3:e2:7a:8d:28:8a:b9:6b:69:
                    72:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:EB:EE:5C:2B:56:00:EF:4A:20:15:AB:34:98:05:E1:7F:95:7A:24
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/u-vuXCtWAO9KIBWrNJgF4X-VeiQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.156.250.0/24
                  185.226.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:56:42:ca:c9:48:aa:a5:19:93:28:a1:d4:ef:99:c0:08:2f:
         30:f4:f4:72:61:25:f6:cd:8b:cb:18:53:e5:ed:d4:9f:4f:0e:
         10:c8:23:90:2b:83:ba:cc:42:fb:c2:e3:3c:87:7d:90:16:df:
         14:87:a3:ae:15:bf:64:9d:c3:72:39:1a:94:b7:69:7a:69:ef:
         12:5a:f5:bf:98:68:c3:a1:52:61:49:20:c6:bc:57:48:7a:bb:
         3f:9d:38:89:dd:4a:7d:84:49:69:06:e1:f1:be:77:cb:b4:2d:
         a9:cc:05:e0:1c:0d:5a:0c:8e:b2:ba:5b:1b:fb:85:d2:f3:cb:
         c8:fe:0c:f0:3d:2c:f5:25:68:4e:6e:0e:0b:75:24:44:d4:d8:
         bb:fb:b7:3e:7e:dc:1e:0c:d8:16:f7:d1:f6:40:fa:74:9c:0a:
         eb:37:aa:43:6b:26:b1:14:fc:61:24:a5:c8:e9:15:d3:da:d4:
         f0:7c:7c:6f:3f:95:9a:0b:9f:0d:27:10:22:ae:0b:ff:dc:d6:
         7e:ce:b9:45:d6:83:b9:eb:c3:21:36:35:ae:13:0c:ce:82:32:
         2f:33:a8:9a:06:a1:14:d1:82:99:81:48:fb:44:d8:4b:ce:b5:
         cc:3a:41:fe:c3:9b:d8:f8:df:38:59:08:ae:71:d0:ef:52:55:
         a8:c0:51:66
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzyDiAR8Kz4rWUIxA8vW5DQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTEwMDYyNzQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmViZWU1YzJiNTYwMGVmNGEyMDE1YWIzNDk4MDVlMTdmOTU3YTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApymOJDrsGLYyzssE+xs9xgsHfazv
hpVuvtaJAEvILIm8y6QYl+ypnUU6OeoVncof5ugVuKjwj21yaOHsZyMeMyG9AQz7
5/RwqSugNcfKohT/decgdBCqDdHm9ounuCCeI1wZLEWhmLkZXJix1CYoET2JBsqX
t3T/sDY7KkS3naXX3TUL3SEUpGK6FmaKqZ9a499gldGhZGaRM/VNFAnA24rKRAMY
ZakB8LD82k7Ts6Ewb0Igz35HQq3oqCFua5DSc9zI0KTpJ8eUlROhQLtu9B3V7SKM
xrg11KQQMs2IXthT80c7InO5XMJaJMFm0ekXAm5ctfPj4nqNKIq5a2ly3QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLvr7lwrVgDvSiAVqzSYBeF/lXokMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvdS12dVhDdFdBTzlLSUJXck5KZ0Y0WC1WZWlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXpz6AwQA
ueKsMA0GCSqGSIb3DQEBCwUAA4IBAQBRVkLKyUiqpRmTKKHU75nACC8w9PRyYSX2
zYvLGFPl7dSfTw4QyCOQK4O6zEL7wuM8h32QFt8Uh6OuFb9kncNyORqUt2l6ae8S
WvW/mGjDoVJhSSDGvFdIers/nTiJ3Up9hElpBuHxvnfLtC2pzAXgHA1aDI6yulsb
+4XS88vI/gzwPSz1JWhObg4LdSRE1Ni7+7c+ftweDNgW99H2QPp0nArrN6pDayax
FPxhJKXI6RXT2tTwfHxvP5WaC58NJxAirgv/3NZ+zrlF1oO568MhNjWuEwzOgjIv
M6iaBqEU0YKZgUj7RNhLzrXMOkH+w5vY+N84WQiucdDvUlWowFFm
-----END CERTIFICATE-----